
Passphrase

Passphrase is an optional feature of the Trezor device that allows users to create hidden wallets. A passphrase acts as a second factor protecting the recovery seed and is an ultimate protection against attacks involving physical access to the device or the recovery seed.

When first initialized, a Trezor device generates a random number, which is converted into a mnemonic sentence (recovery seed) and stored in its memory. Subsequently, whenever the device is used, it derives a cryptocurrency wallet from a formula that, extremely simplified, is mnemonic + passphrase.

If the user did not input any passphrase (default setting), an empty string "" is used. When the feature is activated, the user is prompted to enter the passphrase which is then combined with the recovery seed on the device, and a new wallet is generated.

For you, the user, this means:

Once the passphrase feature is activated on the device, you can provide any input of your choosing and it will be used to generate a completely new wallet. To access this hidden wallet repeatedly, you will have to use the exact same passphrase in combination with the recovery seed on the device. Using the same seed with a different passphrase will generate a different wallet. Using a different seed with the "correct" passphrase will generate a different wallet.

If you get a new Trezor device and wish to access the hidden wallet, you will have to recover your previously used recovery seed, activate the passphrase feature, and enter the exact same passphrase as before.

Mistyping the passphrase will generate a completely new wallet. There is no such thing as an "incorrect passphrase", so whatever you provide as your input will be used in the process of deriving a wallet.

If you enter an empty passphrase (no passphrase at all), the device will proceed exactly as if the passphrase feature had not been activated at all, and generate a wallet from your recovery seed stored on the device.
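The derivation and its consequences described above, as an added example (not Trezor's firmware code). It assumes the device follows the public BIP-39 and BIP-32 standards, which this page does not name; `wallet_id` is a hypothetical helper, and the mnemonic is the public BIP-39 test-vector sentence used as sample input.

```python
import hashlib
import hmac
import unicodedata

# Public BIP-39 test-vector mnemonic, used here as constructed sample input.
MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
            "abandon abandon abandon abandon abandon about")


def bip39_seed(mnemonic, passphrase=""):
    """Derive the 64-byte BIP-39 seed from mnemonic + passphrase."""
    # Both inputs are NFKD-normalized, so the same text typed in a different
    # Unicode form still maps to the same seed.
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    # PBKDF2-HMAC-SHA512 with 2048 rounds. Nothing here can "reject" a
    # passphrase: every input string produces a valid seed.
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def master_key(seed):
    """BIP-32 master private key and chain code derived from a seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def wallet_id(mnemonic, passphrase=""):
    """Hypothetical short label for a wallet: a hash of its master key."""
    key, chain = master_key(bip39_seed(mnemonic, passphrase))
    return hashlib.sha256(key + chain).hexdigest()[:16]


def demo():
    """Same recovery seed, four passphrase inputs, four unrelated wallets."""
    cases = {
        "feature off / empty": "",
        "intended passphrase": "correct horse",   # constructed sample value
        "one-letter typo": "correct horsE",
        "trailing space": "correct horse ",
    }
    return {label: wallet_id(MNEMONIC, p) for label, p in cases.items()}


if __name__ == "__main__":
    for label, wid in demo().items():
        print(f"{label:22s} -> wallet {wid}")
```
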

Important: If you use a passphrase-generated wallet to store your coins, you will need to use the exact same passphrase to access your funds.

Trezor Model T users can choose to enter the passphrase either on the host device (a computer or phone) or directly on the Trezor by using the touchscreen. Trezor One only offers the option to enter the passphrase using the web browser at the moment.

Because the passphrase is not stored anywhere on the device, it is impervious to any attacks involving physical access and tampering with the chip. Furthermore, if somebody compromised your physical copy of the recovery seed, they still would not be able to access your passphrase-protected wallet unless they knew the passphrase.

Passphrases are free. You can create as many passphrases in combination with your recovery seed as you like. This ease of creating a new wallet gives hidden wallets a secondary advantage: plausible deniability.

Once you get familiar with the feature and feel confident using it, you can consider creating "decoy wallets".

If burglary and physical danger are in your threat model, you might want to leave some pocket money in the basic "non-passphrase" wallet, then move a portion of your funds to one passphrase-protected wallet, and lastly, the most significant portion of your funds to another passphrase-protected wallet.

The idea behind this is that if you ever find yourself in a situation where somebody is trying to extort a ransom from you or puts you under duress, you can safely give up the PIN or even the decoy passphrase.

Warning: Avoid talking about your balances and examine your general security practices. The efficiency of fooling somebody with a decoy wallet is highly circumstantial.

The ability to create an almost unlimited number of wallets provides some practical advantages too. You can share one recovery seed with a significant other (sort of like a mutual account) and distinguish your private wallets using a personal passphrase. Using this technique, you can share a mutual wallet within your household, with colleagues, or friends according to your preferences and needs.

By using the passphrase feature, you, the user, gain lots of additional personal responsibility in direct proportion to the security enhancements.

Because the passphrase is not stored anywhere, you need to take all necessary precautions to keep the passphrase safe, be it in a physical backup or just in memory.

If the passphrase is lost, it can only be found by guessing (brute-forcing), which is often technologically and economically infeasible (read: impossible). The difficulty of guessing the passphrase varies depending on the strength (complexity) of the passphrase.